Abstract


RFC 8226 specifies the use of certificates for Secure Telephone Identity Credentials; these 
certificates are often called "Secure Telephone Identity Revisited (STIR) Certificates". RFC 8226 
provides a certificate extension to constrain the JSON Web Token (JWT) claims that can be 
included in the Personal Assertion Token (PASSporT), as defined in RFC 8225. If the PASSporT 
signer includes a JWT claim outside the constraint boundaries, then the PASSporT recipient will 
reject the entire PASSporT. This document updates RFC 8226; it provides all of the capabilities 
available in the original certificate extension as well as an additional way to constrain the 
allowable JWT claims. The enhanced extension can also provide a list of claims that are not 
allowed to be included in the PASSporT. 
1. Introduction


The use of certificates [RFC5280] in establishing authority over telephone numbers is described 
in [RFC8226]. These certificates are often called "STIR Certificates". STIR certificates are an 
important element of the overall system that prevents the impersonation of telephone numbers 
on the Internet. 


Section 8 of [RFC8226] provides a certificate extension to constrain the JSON Web Token (JWT) 
claims that can be included in the Personal Assertion Token (PASSporT) [RFC8225]. If the 
PASSporT signer includes a JWT claim outside the constraint boundaries, then the PASSporT 
recipient will reject the entire PASSporT. 
This document defines an enhanced JWTClaimConstraints certificate extension, which provides
all of the capabilities available in the original certificate extension as well as an additional way to 
constrain the allowable JWT claims. That is, the enhanced extension can provide a list of claims 
that are not allowed to be included in the PASSporT. 


The Enhanced JWT Claim Constraints certificate extension is needed to limit the authority when 
a parent STIR certificate delegates to a subordinate STIR certificate. For example, [RFC9060] 
describes the situation where service providers issue a STIR certificate to enterprises or other 
customers to sign PASSporTs, and the Enhanced JWT Claim Constraints certificate extension can 
be used to prevent specific claims from being included in PASSporTs and accepted as valid by the 
PASSporT recipient. 


The JWT Claim Constraints certificate extension defined in [RFC8226] provides a list of claims 
that must be included in a valid PASSporT as well as a list of permitted values for selected claims. 
The Enhanced JWT Claim Constraints certificate extension defined in this document includes 
those capabilities and adds a list of claims that must not be included in a valid PASSporT. 


2. Terminology 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD 
NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to 
be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in 
all capitals, as shown here. 


3. Enhanced JWT Claim Constraints Syntax 


The Enhanced JWT Claim Constraints certificate extension is non-critical, applicable only to
end-entity certificates, and defined with ASN.1 [X.680]. The syntax of the JWT claims in a PASSporT
is specified in [RFC8225].


The Enhanced JWT Claim Constraints certificate extension is optional, but, when present, it 
constrains the JWT claims that authentication services may include in the PASSporT objects they 
sign. Constraints are applied by certificate issuers and enforced by recipients when validating 
PASSporT claims as follows: 


1. mustInclude indicates JWT claims that MUST appear in the PASSporT in addition to the iat, 
orig, and dest claims. The baseline PASSporT claims ("iat", "orig", and "dest") are considered 
to be required by [RFC8225], and these claims SHOULD NOT be part of the mustInclude list. If 
mustInclude is absent, the iat, orig, and dest claims MUST appear in the PASSporT. 

2. permittedValues indicates that, if the claim name is present, the claim MUST exactly match 
one of the listed values. 

3. mustExclude indicates JWT claims that MUST NOT appear in the PASSporT. The baseline 
PASSporT claims ("iat", "orig", and "dest") are always permitted, and these claims MUST NOT 
be part of the mustExclude list. If one of these baseline PASSporT claims appears in the 
mustExclude list, then the certificate MUST be treated as if the extension was not present. 
Following the precedent in [RFC8226], JWT Claim Names MUST be ASCII strings, which are also
known as strings using the International Alphabet No. 5 [ISO646]. 


The Enhanced JWT Claim Constraints certificate extension is identified by the following object 
identifier (OID): 


id-pe-eJWTClaimConstraints OBJECT IDENTIFIER ::= { id-pe 33 } 


The Enhanced JWT Claim Constraints certificate extension has the following syntax: 


EnhancedJWTClaimConstraints ::= SEQUENCE {
  mustInclude [0] JWTClaimNames OPTIONAL,
    -- The listed claim names MUST appear in the PASSporT
    -- in addition to iat, orig, and dest.  If absent, iat, orig,
    -- and dest MUST appear in the PASSporT.
  permittedValues [1] JWTClaimValuesList OPTIONAL,
    -- If the claim name is present, the claim MUST contain one
    -- of the listed values.
  mustExclude [2] JWTClaimNames OPTIONAL }
    -- The listed claim names MUST NOT appear in the PASSporT.
  ( WITH COMPONENTS { ..., mustInclude PRESENT } |
    WITH COMPONENTS { ..., permittedValues PRESENT } |
    WITH COMPONENTS { ..., mustExclude PRESENT } )

JWTClaimValuesList ::= SEQUENCE SIZE (1..MAX) OF JWTClaimValues

JWTClaimValues ::= SEQUENCE {
  claim JWTClaimName,
  values SEQUENCE SIZE (1..MAX) OF UTF8String }

JWTClaimNames ::= SEQUENCE SIZE (1..MAX) OF JWTClaimName

JWTClaimName ::= IA5String


4. Usage Examples 


Consider these usage examples with a PASSporT claim called "confidence" with values "low", 
"medium", and "high". These examples illustrate the constraints that are imposed by 
mustInclude, permittedValues, and mustExclude: 


* If a certification authority (CA) issues a certificate to an authentication service that includes
an Enhanced JWT Claim Constraints certificate extension that contains the mustInclude
JWTClaimName "confidence", then an authentication service is required to include the
"confidence" claim in all PASSporTs it generates and signs. A verification service will treat
any PASSporT it receives without a "confidence" PASSporT claim as invalid.

* If a CA issues a certificate to an authentication service that includes an Enhanced JWT Claim
Constraints certificate extension that contains the permittedValues JWTClaimName
"confidence" and a permitted "high" value, then a verification service will treat any
PASSporT it receives with a PASSporT "confidence" claim with a value other than "high" as
invalid. However, a verification service will not treat a PASSporT it receives without a
PASSporT "confidence" claim at all as invalid, unless "confidence" also appears in
mustInclude.


* If a CA issues a certificate to an authentication service that includes an Enhanced JWT Claim
Constraints certificate extension that contains the mustExclude JWTClaimName
"confidence", then a verification service will treat any PASSporT it receives with a PASSporT
"confidence" claim as invalid regardless of the claim value.


5. Certificate Extension Example 


A certificate containing an example of the EnhancedJWTClaimConstraints certificate extension is 
provided in Figure 1. The certificate is provided in the format described in [RFC7468]. The 
example of the EnhancedJWTClaimConstraints extension from the certificate is shown in Figure 
2. The example imposes three constraints: 


1. The "confidence" claim must be present in the PASSporT. 
2. The "confidence" claim must have a value of "high" or "medium". 
3. The "priority" claim must not be present in the PASSporT. 


-----BEGIN CERTIFICATE-----
MIICpzCCAk2gAwIBAgIUH7Zd3rQ5Asv0O1zLnzUHhrVhDS1swCgYIKoZ1zj0EAwIw
KTELMAkGA1UEBhMCVVMxGjAYBgNVBAMMEUJPR1VTIFNIQUtFTiBST09UMB4XDTIx
MDcxNTIXNTIXNVoOXDTIyMDcxNTIxXNTIxXNVowbDELMAkKGA1UEBhMCVVMxCZAJBgNV
BAgMA1ZBMRAwDgYDVQQHDAdIZXJuZG9UMR4WHAYDVQQKDBVCb2d1cyBFeGFtcGx1
IFR1bGVjb20xDTALBgNVBASMBFZvSVAxDZANBgNVBAMMBINIQUtFTjBZMBMGByqG
SM49AgEGCCqGSM49AWEHA0TABNR6C6nBWRA/fXTg1VO3aXkXy8hx9oBttVLhsTZ1
TYVRBao40ZhVf/Xv1a3xLsZ6KfdhuylSeAKuCoSbVGojYDGjggEOMIIBCjAMBgNV
HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwLHgDAdBgNVHQ4EFgQUD1G3dxHyzKL/FZfS
PI7rpuueRbswHwYDVR0jBBgwFoAULToKtrQeFrwwyXpMj1qu3TQEeoEwQgYJYIZI
AYb4QgENBDUWM1RoaXMgY2VydGlmaWNhdGUgY2Fubm90IGJLIHRydXN0ZWQgZm9y
IGFueSBwdXJwb3N1LjAWBggrBgEFBQcBGgQKMAigBhYEMTIZNDBOBggrBgEFBQcB
TQRCMECgDjAMFgpjb25maWR1bmN1oSAwHjAcFgpjb25maWR1bmN1IMA4MBGhpZ2gM
Bm11ZG11baIMMAoWCHByaW9yaXR5MAoGCCqGSM49BAMCA0gAMEUCIQCbNR4QK1um
+0vq2CE1B1/W3avYeRESPi/7RKHffL+5eQIgarHot+X9R17SOyNBq5X5JyEMx0SQ
hRLkKCY3Z0z20CNQ=
-----END CERTIFICATE-----


Figure 1: Example Certificate 
 0  64: SEQUENCE {
 2  14:   [0] {
 4  12:     SEQUENCE {
 6  10:       IA5String 'confidence'
      :       }
      :     }
18  32:   [1] {
20  30:     SEQUENCE {
22  28:       SEQUENCE {
24  10:         IA5String 'confidence'
36  14:         SEQUENCE {
38   4:           UTF8String 'high'
44   6:           UTF8String 'medium'
      :           }
      :         }
      :       }
      :     }
52  12:   [2] {
54  10:     SEQUENCE {
56   8:       IA5String 'priority'
      :       }
      :     }
      :   }


Figure 2: Example EnhancedJWTClaimConstraints Extension 
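The following Python program is an added example; it is not part of RFC 9118 and not code from any STIR implementation. It constructs the DER encoding of the extension value whose three constraints are listed in Section 5, decodes it with a small TLV reader, and then applies the Section 3 rules to a few constructed PASSporT payloads: the Section 4 cases (a missing "confidence" claim, a non-permitted "confidence" value, an excluded "priority" claim) and the case where a baseline claim appears in mustExclude, which makes the recipient ignore the extension. The payload field layout and the dictionary shape used for the decoded constraints are this example's own conventions, not something the RFC defines.

```python
# Added example, not part of RFC 9118: decode an EnhancedJWTClaimConstraints
# value from DER and apply it to PASSporT payloads as a verification service
# would under the Section 3 rules. The extension uses only SEQUENCE, EXPLICIT
# context tags [0]..[2], IA5String and UTF8String with short-form lengths.

BASELINE_CLAIMS = ("iat", "orig", "dest")   # required by RFC 8225 in every PASSporT

# DER of the Figure 2 extension value (66 bytes), constructed here:
#   mustInclude = ["confidence"], permittedValues = {"confidence": ["high", "medium"]},
#   mustExclude = ["priority"]
FIGURE2_DER = bytes.fromhex(
    "3040"                                      # SEQUENCE, 64 bytes
    "a00e300c160a" + b"confidence".hex() +      # [0] { SEQUENCE { IA5String } }
    "a120301e301c160a" + b"confidence".hex() +  # [1] { SEQUENCE { SEQUENCE { IA5String,
    "300e0c04" + b"high".hex() +                #   SEQUENCE { UTF8String,
    "0c06" + b"medium".hex() +                  #              UTF8String } } } }
    "a20c300a1608" + b"priority".hex()          # [2] { SEQUENCE { IA5String } }
)

def _tlv(buf, pos):
    """Read one short-form DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    if length >= 0x80:
        raise ValueError("long-form length not expected in this extension")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos + 2:end], end

def _items(body):
    """Yield (tag, value) for each TLV inside a SEQUENCE body."""
    pos = 0
    while pos < len(body):
        tag, value, pos = _tlv(body, pos)
        yield tag, value

def _claim_names(body):
    """JWTClaimNames ::= SEQUENCE SIZE (1..MAX) OF IA5String"""
    names = [v.decode("ascii") for t, v in _items(body) if t == 0x16]
    if not names:
        raise ValueError("JWTClaimNames must hold at least one IA5String")
    return names

def decode_constraints(der):
    """Return {"mustInclude", "permittedValues", "mustExclude"} (absent ones are None)."""
    tag, body, end = _tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("extension value must be exactly one SEQUENCE")
    out = {"mustInclude": None, "permittedValues": None, "mustExclude": None}
    for ctx, wrapped in _items(body):
        inner_tag, inner, _ = _tlv(wrapped, 0)   # EXPLICIT tag wraps one SEQUENCE
        if inner_tag != 0x30:
            raise ValueError("context tag must wrap a SEQUENCE")
        if ctx == 0xA0:
            out["mustInclude"] = _claim_names(inner)
        elif ctx == 0xA1:
            pv = {}
            for _, entry in _items(inner):                 # each JWTClaimValues
                (ntag, name), (vtag, vals) = list(_items(entry))
                if ntag != 0x16 or vtag != 0x30:
                    raise ValueError("malformed JWTClaimValues")
                pv[name.decode("ascii")] = [v.decode("utf-8") for t, v in _items(vals) if t == 0x0C]
            out["permittedValues"] = pv
        elif ctx == 0xA2:
            out["mustExclude"] = _claim_names(inner)
        else:
            raise ValueError(f"unexpected tag 0x{ctx:02x}")
    if all(v is None for v in out.values()):
        raise ValueError("at least one component must be present")
    return out

def check_passport(claims, constraints):
    """Apply the Section 3 rules to a decoded PASSporT payload; return (ok, reason)."""
    if any(c in BASELINE_CLAIMS for c in constraints.get("mustExclude") or []):
        constraints = {}   # rule 3: treat the certificate as if the extension were absent
    for c in BASELINE_CLAIMS:
        if c not in claims:
            return False, f"baseline claim {c!r} missing"
    for c in constraints.get("mustInclude") or []:
        if c not in claims:
            return False, f"mustInclude claim {c!r} missing"
    for c, allowed in (constraints.get("permittedValues") or {}).items():
        if c in claims and claims[c] not in allowed:
            return False, f"claim {c!r} has value {claims[c]!r}, permitted values are {allowed}"
    for c in constraints.get("mustExclude") or []:
        if c in claims:
            return False, f"mustExclude claim {c!r} present"
    return True, "ok"

# Constructed PASSporT payloads (baseline values follow the RFC 8225 example).
_BASE = {"iat": 1443208345, "orig": {"tn": "12155551212"}, "dest": {"tn": ["12155551213"]}}
SAMPLES = {
    "valid":              {**_BASE, "confidence": "high"},
    "wrong_value":        {**_BASE, "confidence": "low"},
    "missing_confidence": dict(_BASE),
    "has_priority":       {**_BASE, "confidence": "medium", "priority": "urgent"},
}

def evaluate_figure2():
    """Map each sample payload to whether the Figure 2 constraints accept it."""
    constraints = decode_constraints(FIGURE2_DER)
    return {name: check_passport(p, constraints)[0] for name, p in SAMPLES.items()}
```

Running evaluate_figure2() accepts only the "valid" payload; the other three fail for the reasons given in Section 4. Passing check_passport() a constraint set whose mustExclude names "iat" returns the payload as valid even when "priority" is present, because rule 3 of Section 3 makes the recipient ignore the whole extension in that case.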


6. Guidance to Certification Authorities 


The EnhancedJWTClaimConstraints extension specified in this document and the 
JWTClaimConstraints extension specified in [RFC8226] MUST NOT both appear in the same 
certificate. 


If the situation calls for mustExclude constraints, then the EnhancedJWTClaimConstraints 
extension is the only extension that can express the constraints. 


On the other hand, if the situation does not call for mustExclude constraints, then either the 
EnhancedJWTClaimConstraints extension or the JWTClaimConstraints extension can express the 
constraints. Until such time as support for the EnhancedJWTClaimConstraints extension becomes 
widely implemented, the use of the JWTClaimConstraints extension may be more likely to be 
supported. This guess is based on the presumption that the first specified extension will be 
implemented more widely in the next few years. 


7. IANA Considerations 


This document makes use of object identifiers for the Enhanced JWT Claim Constraints certificate 
extension defined in Section 3 and the ASN.1 module identifier defined in Appendix A. Therefore, 
IANA has made the following assignments within the "Structure of Management Information 
(SMI) Numbers (MIB Module Registrations)" registry. 
For the Enhanced JWT Claim Constraints certificate extension in the "SMI Security for PKIX
Certificate Extension" (1.3.6.1.5.5.7.1) registry: 


+=========+============================+
| Decimal | Description                |
+=========+============================+
| 33      | id-pe-eJWTClaimConstraints |
+---------+----------------------------+

Table 1


For the ASN.1 module identifier in the "SMI Security for PKIX Module Identifier" (1.3.6.1.5.5.7.0) 
registry: 


+=========+==================================+
| Decimal | Description                      |
+=========+==================================+
| 101     | id-mod-eJWTClaimConstraints-2021 |
+---------+----------------------------------+

Table 2


8. Security Considerations 


For further information on certificate security and practices, see [RFC5280], especially the 
Security Considerations section. 


Since non-critical certificate extensions are ignored by implementations that do not recognize 
the extension object identifier (OID), constraints on PASSporT validation will only be applied by 
relying parties that recognize the EnhancedJWTClaimConstraints extension. 


The Enhanced JWT Claim Constraints certificate extension can be used by certificate issuers to 
provide limits on the acceptable PASSporTs that can be accepted by verification services. 
Enforcement of these limits depends upon proper implementation by the verification services. 
The digital signature on the PASSporT data structure will be valid even if the limits are violated. 


Use of the Enhanced JWT Claim Constraints certificate extension permittedValues constraint is 
most useful when the claim definition allows a specified set of values. In this way, all of the 
values that are not listed in the JWTClaimValuesList are prohibited in a valid PASSporT. 


Certificate issuers must take care when imposing constraints on the PASSporT claims and the 
claim values that can be successfully validated; some combinations can prevent any PASSporT 
from being successfully validated by the certificate. For example, an entry in mustInclude and an 
entry in mustExclude for the same claim will prevent successful validation on any PASSporT. 


Certificate issuers SHOULD NOT include an entry in mustExclude for the "rcdi" claim for a
certificate that will be used with the PASSporT Extension for Rich Call Data defined in
[STIR-PASSPORT-RCD]. Excluding this claim would prevent the integrity protection mechanism
from working properly.


Housley Standards Track Page 7 


RFC 9118 


EnhancedJWTClaimConstraints August 2021 


Certificate issuers must take care when performing certificate renewal [RFC4949] to include 
exactly the same Enhanced JWT Claim Constraints certificate extension in the new certificate as 
the old one. Renewal usually takes place before the old certificate expires, so there is a period of 
time where both the new certificate and the old certificate are valid. If different constraints 
appear in the two certificates with the same public key, some PASSporTs might be valid when 
one certificate is used and invalid when the other one is used. 
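The following Python program is an added example, not text or code from RFC 9118. It collects the issuer-side checks that Sections 3, 6 and 8 imply into a single lint routine a certification authority could run on a proposed EnhancedJWTClaimConstraints value before signing (no component present or an empty list, a baseline claim in mustInclude or mustExclude, the same claim in both lists, "rcdi" in mustExclude, co-existence with the RFC 8226 extension) and adds the renewal comparison from Section 8. The constraint dictionary layout and the has_rfc8226_constraints flag are this example's own conventions.

```python
# Added example, not part of RFC 9118: checks a certification authority can run
# on a proposed EnhancedJWTClaimConstraints value before issuing, covering the
# pitfalls named in Sections 3, 6 and 8, plus the renewal comparison from
# Section 8. The constraint dictionary layout
#   {"mustInclude": [...], "permittedValues": {name: [values]}, "mustExclude": [...]}
# and the has_rfc8226_constraints flag are this example's own conventions.

BASELINE_CLAIMS = ("iat", "orig", "dest")   # always required by RFC 8225
RCD_INTEGRITY_CLAIM = "rcdi"                 # Rich Call Data integrity claim (Section 8)

def lint_constraints(constraints, has_rfc8226_constraints=False):
    """Return a list of (severity, message). 'error' marks MUST-level problems,
    'warning' marks SHOULD-level ones; an empty list means nothing was found."""
    findings = []
    inc = constraints.get("mustInclude")
    pv = constraints.get("permittedValues")
    exc = constraints.get("mustExclude")

    # Section 6: the RFC 8226 JWTClaimConstraints extension MUST NOT co-exist.
    if has_rfc8226_constraints:
        findings.append(("error", "RFC 8226 JWTClaimConstraints extension also present"))

    # ASN.1 syntax: at least one component, and every list is SIZE (1..MAX).
    if inc is None and pv is None and exc is None:
        findings.append(("error", "no component present"))
    for label, comp in (("mustInclude", inc), ("mustExclude", exc)):
        if comp is not None and not comp:
            findings.append(("error", f"{label} is empty"))
    for name, values in (pv or {}).items():
        if not values:
            findings.append(("error", f"permittedValues for {name!r} is empty"))

    # Section 3: JWTClaimName is an IA5String, so names must be ASCII.
    for name in list(inc or []) + list(exc or []) + list(pv or {}):
        if not name.isascii():
            findings.append(("error", f"claim name {name!r} is not ASCII"))

    inc_s, exc_s = set(inc or []), set(exc or [])
    for c in BASELINE_CLAIMS:
        # Section 3 rule 3: a baseline claim in mustExclude makes recipients ignore the extension.
        if c in exc_s:
            findings.append(("error", f"baseline claim {c!r} in mustExclude"))
        # Section 3 rule 1: baseline claims SHOULD NOT be listed in mustInclude.
        if c in inc_s:
            findings.append(("warning", f"baseline claim {c!r} in mustInclude is redundant"))
    # Section 8: the same claim in both lists means no PASSporT can ever validate.
    for c in sorted(inc_s & exc_s):
        findings.append(("error", f"claim {c!r} is in both mustInclude and mustExclude"))
    # Section 8: excluding "rcdi" breaks the RCD integrity protection mechanism.
    if RCD_INTEGRITY_CLAIM in exc_s:
        findings.append(("warning", f"{RCD_INTEGRITY_CLAIM!r} in mustExclude"))
    return findings

def _normalize(constraints):
    """Order-independent form of a constraint set for comparison."""
    pv = constraints.get("permittedValues") or {}
    return (
        tuple(sorted(constraints.get("mustInclude") or [])),
        tuple(sorted((k, tuple(sorted(v))) for k, v in pv.items())),
        tuple(sorted(constraints.get("mustExclude") or [])),
    )

def renewal_preserves_constraints(old, new):
    """Section 8: a renewed certificate must carry the same constraints as the old one."""
    return _normalize(old) == _normalize(new)

# Constructed inputs: the Section 5 constraints, and a deliberately bad set.
GOOD = {"mustInclude": ["confidence"],
        "permittedValues": {"confidence": ["high", "medium"]},
        "mustExclude": ["priority"]}
BAD = {"mustInclude": ["confidence", "iat"],
       "permittedValues": {"confidence": []},
       "mustExclude": ["confidence", "dest", "rcdi"]}

def summarize(constraints, **kwargs):
    """Count findings by severity: {"error": n, "warning": m}."""
    counts = {"error": 0, "warning": 0}
    for severity, _ in lint_constraints(constraints, **kwargs):
        counts[severity] += 1
    return counts
```

lint_constraints(GOOD) returns no findings; lint_constraints(BAD) reports three errors (an empty permittedValues list, "dest" in mustExclude, "confidence" in both lists) and two warnings ("iat" in mustInclude, "rcdi" in mustExclude). renewal_preserves_constraints() compares the two sets after sorting, so a renewed certificate that merely lists the same names in a different order is still accepted as unchanged.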
Appendix A. ASN.1 Module


This appendix provides the ASN.1 [X.680] definitions for the Enhanced JWT Claim Constraints 
certificate extension. The module defined in this appendix is compatible with the ASN.1 
specifications published in 2015. 
This ASN.1 module imports ASN.1 from [RFC5912].
<CODE BEGINS>
EnhancedJWTClaimConstraints-2021
  { iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) id-mod(0)
    id-mod-eJWTClaimConstraints-2021(101) }

DEFINITIONS EXPLICIT TAGS ::= BEGIN

IMPORTS

  id-pe
  FROM PKIX1Explicit-2009 -- From RFC 5912
    { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkix1-explicit-02(51) }

  EXTENSION
  FROM PKIX-CommonTypes-2009 -- From RFC 5912
    { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkixCommon-02(57) } ;


-- Enhanced JWT Claim Constraints Certificate Extension 


ext-eJWTClaimConstraints EXTENSION ::= { 
SYNTAX EnhancedJWTClaimConstraints 
IDENTIFIED BY id-pe-eJWTClaimConstraints } 


id-pe-eJWTClaimConstraints OBJECT IDENTIFIER ::= { id-pe 33 } 


EnhancedJWTClaimConstraints ::= SEQUENCE {
  mustInclude [0] JWTClaimNames OPTIONAL,
    -- The listed claim names MUST appear in the PASSporT
    -- in addition to iat, orig, and dest.  If absent, iat, orig,
    -- and dest MUST appear in the PASSporT.
  permittedValues [1] JWTClaimValuesList OPTIONAL,
    -- If the claim name is present, the claim MUST contain one
    -- of the listed values.
  mustExclude [2] JWTClaimNames OPTIONAL }
    -- The listed claim names MUST NOT appear in the PASSporT.
  ( WITH COMPONENTS { ..., mustInclude PRESENT } |
    WITH COMPONENTS { ..., permittedValues PRESENT } |
    WITH COMPONENTS { ..., mustExclude PRESENT } )

JWTClaimValuesList ::= SEQUENCE SIZE (1..MAX) OF JWTClaimValues

JWTClaimValues ::= SEQUENCE {
  claim JWTClaimName,
  values SEQUENCE SIZE (1..MAX) OF UTF8String }

JWTClaimNames ::= SEQUENCE SIZE (1..MAX) OF JWTClaimName

JWTClaimName ::= IA5String

END
<CODE ENDS>